Snort mailing list archives

WARNING: normalizations disabled because DAQ can't replace packets.

From: Yayan Tri Taryana <yayantritaryana () gmail com>
Date: Thu, 13 Dec 2012 16:12:44 +0700

Hi,

I have and IDS Server using snort, previously my server is work normal, but
now i realize that my snort is not log the alert.

when i tail -f /var/log/message

theres an error say "WARNING: normalizations disabled because DAQ can't
replace packets."

is anyone encountered this and how to fix it ..

this is my log

: [ Number of patterns truncated to 20 bytes: 3926 ]
Dec 13 15:12:39 GURUH0 snort[3149]: pcap DAQ configured to passive.
Dec 13 15:12:39 GURUH0 snort[3149]: Acquiring network traffic from "eth3".
Dec 13 15:12:39 GURUH0 snort[3149]: Initializing daemon mode
Dec 13 15:12:39 GURUH0 snort[3150]: Daemon initialized, signaled parent
pid: 3149
Dec 13 15:12:39 GURUH0 snort[3150]: Reload thread starting...
Dec 13 15:12:39 GURUH0 snort[3150]: Reload thread started, thread
0x426f8940 (3150)
Dec 13 15:12:39 GURUH0 kernel: device eth3 entered promiscuous mode
Dec 13 15:12:39 GURUH0 kernel: type=1700 audit(1355386359.639:8): dev=eth3
prom=256 old_prom=0 auid=4294967295 ses=4294967295
Dec 13 15:12:39 GURUH0 snort[3150]: Decoding Ethernet
Dec 13 15:12:39 GURUH0 snort[3150]: Checking PID path...
Dec 13 15:12:39 GURUH0 snort[3150]: PID path stat checked out ok, PID path
set to /var/run/
Dec 13 15:12:39 GURUH0 snort[3150]: Writing PID "3150" to file
"/var/run//snort_eth3.pid"
Dec 13 15:12:39 GURUH0 snort[3150]: Set gid to 500
Dec 13 15:12:39 GURUH0 snort[3150]: Set uid to 500
Dec 13 15:12:39 GURUH0 snort[3150]: WARNING: normalizations disabled
because DAQ can't replace packets.
Dec 13 15:12:39 GURUH0 snort[3150]:
Dec 13 15:12:39 GURUH0 snort[3150]:         --== Initialization Complete
==--
Dec 13 15:12:39 GURUH0 snort[3150]: Commencing packet processing (pid=3150)


Txs

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

WARNING: normalizations disabled because DAQ can't replace packets. Yayan Tri Taryana (Dec 13)
- Re: WARNING: normalizations disabled because DAQ can't replace packets. Russ Combs (Dec 13)